#VU12311 Use of cryptographically weak PRNG in IBM DB2
Vulnerability identifier: #VU12311
Vulnerability risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-338
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
IBM DB2
Server applications /
Database software
Vendor: IBM Corporation
Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
Mitigation
Install update from vendor's website.
Vulnerable software versions
IBM DB2: 9.7.0.0, 10.1.0.0, 10.5.0.0, 11.1.0.0
External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/139071
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
